Add user_id,project_id traits to audit events

The ceilometer audit events stored in the ceilometer database
currently don't have user_id/project_id associated with them
even though this information is available as part of the event
message payload. The user_id and project_id information has to
be stored as traits so that there's user/project context for each
event and these traits are required to apply RBAC-based rules
and filters on events. E.g., the presence of these traits enables
db queries - like get all events for a project/user against events.
The audit event definition in the events yaml file already stores
payload.initiator.id as initiator_id but the initiator_id trait
is not a common trait across all events and thus this trait cannot
be used to apply an RBAC filter against events. This changeset will
thus add user_id and project_id traits to the audit events namely
*.http.* and add user_id and project_id as default traits for all
events.

DocImpact

Change-Id: If4034342c4e60d519f0ec96ae8895dcf78f8ad3b
blueprint: events-rbac
Divya 2015-08-11 13:17:15 +02:00
parent c18d69a800
commit 6a532111bc
3 changed files with 12 additions and 0 deletions


@ -154,6 +154,12 @@ class EventDefinition(object):
DEFAULT_TRAITS = dict(
service=dict(type='text', fields='publisher_id'),
request_id=dict(type='text', fields='_context_request_id'),
project_id=dict(type='text', fields=['payload.tenant_id',
'_context_tenant']),
user_id=dict(type='text', fields=['payload.user_id',
'_context_user_id']),
# TODO(dikonoor):tenant_id is old terminology and should
# be deprecated
tenant_id=dict(type='text', fields=['payload.tenant_id',
'_context_tenant']),
)
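Review bot: project_id is given exactly the same field list as the existing tenant_id (['payload.tenant_id', '_context_tenant']), so every event now stores the same value under two trait names, and the TODO says tenant_id should be deprecated without pointing at a bug or blueprint item that tracks the removal or tells consumers when to switch. Please add that reference to the TODO. Both new traits also prefer the payload value over the _context_* value; since the commit message says these traits will drive RBAC filtering, a short comment on why the payload wins when the two differ would help, along with a statement of how an event is treated when none of the listed fields resolve and the trait is absent.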


@ -126,6 +126,8 @@ all events if the notification has the relevant data:
* service: (All notifications should have this) notification's publisher
* tenant_id
* request_id
* project_id
* user_id
These do not have to be specified in the event definition, they are
automatically added, but their definitions can be overridden for a given
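Review bot: the new project_id and user_id bullets are added with no description, unlike the service entry at the top of the list. Because these traits are meant to be used for RBAC filtering, the docs should say which notification fields each one is read from (the payload key first, then the request context key, as in DEFAULT_TRAITS) and that project_id carries the same value as tenant_id, which the code now marks for deprecation.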


@ -331,6 +331,10 @@
fields: ['payload.ipsec_site_connection.id', 'payload.id']
- event_type: '*http.*'
traits: &http_audit
project_id:
fields: payload.initiator.project_id
user_id:
fields: payload.initiator.id
typeURI:
fields: payload.typeURI
eventType:
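Review bot: in the '*http.*' definition, project_id and user_id each list a single field (payload.initiator.project_id and payload.initiator.id). The documentation says a definition can override the default trait, so if this override replaces the default field list, these events lose the fallback to _context_tenant and _context_user_id, and an audit notification without those initiator fields would carry no user or project trait for an RBAC filter to match on. Consider giving fields as a list with the context keys as fallback, e.g. fields: ['payload.initiator.id', '_context_user_id']. The commit message also names the pattern as *.http.* while the definition matches '*http.*'; the wording should be aligned.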